PT-2026-31788 · Praisonai · Praisonai
Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-40149
CVSS v3.1: 7.9 (High)
| Vector | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 4.5.128
Description
PraisonAI is a multi-agent teams system. The gateway's /api/approval/allow-list endpoint allows unauthenticated modification of the tool approval allowlist when no auth token is configured, which is the default setting. An attacker can add dangerous tool names (e.g., shell exec, file write) to the allowlist, causing the ExecApprovalManager to auto-approve all future agent invocations of those tools, bypassing the human-in-the-loop safety mechanism.
Recommendations
Update to version 4.5.128 or later.
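The root cause described above is a configuration-mutating endpoint that treats "no token configured" as "no check required". The following added example (not PraisonAI's own code; the class, token handling and tool names are assumptions made for illustration) contrasts that open-by-default check with a fail-closed one, and additionally refuses to put high-risk tools on an auto-approval list at all, so that the human-in-the-loop step cannot be removed through the allowlist:

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional, Set

# Constructed, illustrative tool names: tools whose auto-approval would
# remove the human from the loop. Not PraisonAI's real tool identifiers.
HIGH_RISK_TOOLS = {"shell_exec", "file_write"}


class AuthorizationError(Exception):
    """Raised when a caller may not modify the allowlist."""


def legacy_mutation_allowed(configured_token: Optional[str],
                            presented_token: Optional[str]) -> bool:
    """The weak pattern: if no token is configured, anyone may mutate.

    Hypothetical reconstruction of the open-by-default behaviour the
    advisory describes, kept only to contrast with the hardened check.
    """
    if not configured_token:
        return True  # unauthenticated mutation allowed (the bug)
    return presented_token is not None and hmac.compare_digest(
        configured_token.encode(), presented_token.encode())


@dataclass
class ApprovalAllowlist:
    """Hardened allowlist behind a hypothetical /api/approval/allow-list handler."""
    admin_token: Optional[str]               # None models the 'no token configured' default
    tools: Set[str] = field(default_factory=set)

    def _authorize(self, presented_token: Optional[str]) -> None:
        # Fail closed: with no token configured, mutation is refused rather
        # than being open to every local caller.
        if not self.admin_token:
            raise AuthorizationError(
                "allowlist mutation disabled: no admin token configured")
        if presented_token is None or not hmac.compare_digest(
                self.admin_token.encode(), presented_token.encode()):
            raise AuthorizationError("invalid or missing admin token")

    def add_tool(self, name: str, presented_token: Optional[str]) -> Set[str]:
        """Add a tool to the auto-approve list; returns the updated list."""
        self._authorize(presented_token)
        if name in HIGH_RISK_TOOLS:
            # Policy guard independent of authentication: these tools always
            # require a per-invocation human decision.
            raise ValueError(
                f"{name} cannot be auto-approved; it requires human approval")
        self.tools.add(name)
        return set(self.tools)

    def needs_human_approval(self, tool_name: str) -> bool:
        """What an approval manager would consult before running a tool."""
        return tool_name not in self.tools
```

The two guards are deliberately separate: the token check decides who may edit the list, while the HIGH_RISK_TOOLS check limits what any editor may put on it, so a compromised or misconfigured gateway cannot silently turn shell and file-write tools into fire-and-forget actions.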
Weakness
Missing Authentication
Affected Products
Praisonai